The spies in our lives aren't like the ones in movies—they take the form of a suspicious lover, obsessive coworker, or jealous "friend." While you can't distrust everyone you meet and lead a happy life, you can protect your personal information from falling into the wrong hands. Here's how to guard yourself from spies without slipping into a state of constant paranoia.

Securely Manage Your Online Information

The goal of spying is to gain information and anyone can find plenty of personal information about you—or anyone, really—by knowing where to look. I spoke with security and investigations expert Brandon Gregg to find out the most common sources:

Advertisement

In today's world 90% of everything you need about someone is online because of their own postings on Faceback and LinkedIn. Another 9% can be found on private databases like TLO, CLEAR, Intelius, Lexis Nexis and other pay-for-data sites. The last 1% (passwords, secrets, and personal personal data) can be found via social engineering tricks. Surveys have shown ‘34% of respondents volunteered their password when asked without even needing to be bribed and 79% of people unwittingly gave away information that could be used to steal their identity when questioned.' Need higher chances? Another survey showed ‘More than 70% of people would reveal their computer password in exchange for a bar of chocolate.' Add some social engineering tricks like intel about your target (boss' secretary name from LinkedIn) or caller ID spoofing and you will increase your chances to the high 90% range.

You can't prevent the information collected about you in private databases, but you do have some control over your online presence and can protect yourself against social engineering.

Be Careful About What You Post Online

The best way to protect yourself from revealing too much online isn't to stop posting, but rather to change the sorts of things you post. Public details about your personal life make it very simple for just about anyone to find out a lot of information about you and use it to gain your trust. While you can continue to do this and simply be vigilant, social networks like Facebook and Google+ make it possible to share certain posts with some people but not everyone. Manage your Facebook privacy by creating groups that can see personal posts and ones that can't. You can do the same on Google+ with circles. When posting publicly, or at least to a wider audience, limit that content to impersonal things like links to articles, products you like, images of other people or things, and online videos. You're still at risk by posting anything at all, as anyone can potentially gain your trust by simply knowing a few of your interests, but if you're careful you won't fall victim to any social engineering hacks.

Keeping your Facebook info private is getting harder and harder all the time—mostly because…
Read more Read more

Perhaps more importantly, be very careful about your online check-ins. When you disclose your location, anyone who's watching now knows exactly where you are. Site like Please Rob Me popped up on the web because thiefs began using online check-ins as a way to determine when their targets weren't around. If you stop checking in you don't have to worry about this at all, but at the very least you should do it privately. Don't expose your check-ins to the world because you never know who's watching.

If you do have online data you want to get rid of because it puts you at risk, it isn't easy to do but definitely possible. Check out our guide on commiting internet suicide for details

Sick of horribly embarrassing things showing up when potential employers Google your name? Tired of …
Read more Read more

Never Trust Anyone with Your Password Password

You can only do so much to protect yourself against social engineering hacks and keep spies out of your personal information. Truly staying safe necessitates a little healthy paranoia. While it should go without saying, never give your password out to anyone. Most social engineering attempts focus on gaining your trust enough to get your password, so you can protect yourself far more by simply keeping it private. That said, a social engineering attempt won't necessarily fail just because you didn't give up your password. These attacks work because they lower your guard and get you to provide information you don't consider sensitive without realizing it. The request for your password may not come until two or three calls down the line. Protect yourself by knowing exactly who you're talking to before giving them any information at all.

For more on protecting yourself from social engineering hacks, read our guide.

Dear Lifehacker, My passwords are strong, but if hackers can convince tech support into thinking…
Read more Read more

Safeguard Your Trash

Not all valuable data about you exists in a computer. In fact, spies may find more valuable information in your mail or files. Letters and receipts tell a story, provide a fair amount of private data, and put you at risk. Anyone with access to your home can easily steal this information without you ever finding out, and those who don't can find it in your trash.

The current law in the U.S.A. (federal as well as most states) is that (1) a person has no reasonable expectation of privacy for contents of garbage and (2) a person has relinquished any property interest in garbage, even when it sits in metal trash cans or opaque plastic bags at the person's home awaiting collection. This sorry state of affairs needs correction, probably by legislation.

What kind of magic can you find in the trash? Brandon explains:

Dumpster diving, trash pulls, digging in the garbage (or whatever you may call it) often times provides great intel and evidence due to people's consistent disregard for their own privacy. What may be a meaningless piece of garbage to them, can build your intel about the suspect to a level that would creep the average person out. Family names, former addresses, phone numbers, account numbers, bank statements, credit card purchases, DNA (toothbrushes, combs, cups, etc) and a whole slough of raw data can be found and combined to give you further intel gathering tools (social engineering, pre-texting, etc) or even provide you with a smoking gun for your investigation.

If you want to protect yourself from dumpster divers, you need to shred your trash. While you can buy cheaper shredders that split paper into individual strips, any spy with a little time on their hands can reassemble that with ease. Instead, spend the extra money to get a more heavy-duty shredder capable of cross-cutting. Nothing short of obliterating your sensitive documents will prevent reassembly, but cross-cutting reduces the likelihood that anyone's going to put your paper back together without breaking the bank.

Avoid Getting Tracked

It's easy to track someone nowadays, especially if a spy has access to your smartphone. Even without, GPS tracking devices are cheap and easy to come by. If you think you're being tracked, here's what you need to look for.

Make sure Google Latitude isn't installed or active on your phone. With the right settings, Latitude will post your location publicly so a spy can find it at any time without ever being identified. Even worse, software called Flexispy allows anyone who installs it to access pretty much everything on your phone whenever they please. Spies will need access to your mobile in order to accomplish this, so lock your phone with a secure password and don't share it with anyone you can't keep an eye on.

We've always argued that the most secure password is one you don't even know, and is…
Read more Read more

While it may be difficult for a spy to install tracking software on your phone, it's incredibly easy for anyone to track you with a GPS data logger. According to Brandon, you can pick them up for practically nothing on eBay. I found several on Google Shopping in about five seconds. They're cheap, and a spy can strap them on your car for a week or two and pick up the data at their leisure. If you believe you're being tracked, check your car regularly. For detailed information on where to look, check out this post.

Hopefully most of us will go throughout life without being tracked by a GPS bug, but if you're …
Read more Read more

Don't Try to Catch a Spy

Although it might be tempting to try and catch someone who's spying on you, it's very hard to find any definitive proof. I asked Brandon how spies should avoid getting caught and most mistakes seem easy enough to avoid:

There are many ways to "get burned" while spying on someone. From someone noticing you walking too close to advance counter surveillance tactics like TSCM equipment that easily find any covert camera or audio bug you planted. The key is not to be aggressive, know your target, and don't let your tactics trace back to you. Depending on who and why you are spying remember your target will be there tomorrow. Take your time. Plan. No one suspects they are being spied on; use that to your advantage. If you get confronted, turn around and walk away. Just like being arrested, not talking gives them nothing to work with.

Basically, even if you do catch someone spying on you there's a good chance you won't be able to prove it. Instead, worry more about protecting yourself and stay vigilant. Don't give out personal information easily. Avoid living in public, even if that's what the times dictate. Most of us won't be subject to spies, but don't think it can't happen to you. Suspicious lovers, vengeful enemies, and jealous coworkers may take small steps towards finding your personal data. You never know who's lurking around the corner. It may be a stranger or a friend, but you won't have to worry if you make an effort to protect your personal data.

Special thanks to Brandon Gregg for his expert advice. Brandon has worked investigations for numerous Fortune 500 companies over the last 12 years investigating theft, fraud, organized crime, corporate espionage, and many high profile cases as well as being an educator, published author, and featured speaker on surveillance, computer forensics, complex investigations, and ethical hacking. You can find out more about him here.